<?php
    @session_start();
    $iniVars = parse_ini_file('../../config.ini',TRUE);
    include('../../classes/adodb5/adodb.inc.php');
    include('../../function/db.tl.func.php');
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    $sql = "SELECT * FROM employee WHERE username='$username'";
    
    $sql = "SELECT users.*,employee.* FROM employee LEFT JOIN users ON (users.username=employee.username) WHERE users.username='$username' AND users.password=SHA1($password)";
    $result = $db->Execute($sql);
    if($result)
    {
        if($result->fields['profile']=='Administrator' OR $result->fields['a']=='Y'){
            //session_register('ADMINSESS');
            $_SESSION['ADMINSESS']['USERNAME'] = $username;
            $_SESSION['ADMINSESS']['PROFILE'] = $result->fields['profile'];
            echo 'success';
        }
        else
        {
            echo "คุณไม่มีสิทธิ์เข้าใช้ในส่วนนี้";
        }
    }
    else
    {
        echo "ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง";
    }
?>